A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to execute code with the permissions of the user running TD Designer. To exploit the vulnerability, the attacker must have write access to the directory containing the TD project file, and a legitimate user with higher privileges than the attacker must open the TD project.

CVE-2018-13806 is the case number assigned to this vulnerability, which has a CVSS v3 base score of 7.3.

The product sees use in the chemical, energy, food and agriculture, and water and wastewater systems sectors. It is deployed on a global basis.

No known public exploits specifically target this vulnerability. This vulnerability is not remotely exploitable. However, an attacker with a low skill level could leverage the vulnerability.

Siemens has identified the following specific workarounds and mitigations that users can apply to reduce the risk:
• Restrict write permissions to directories with TD project files to authorized users
• Only open TD projects from trusted sources
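One way to check the first mitigation on an engineering workstation, as an added example that is not Siemens code: the script below reports ACL entries that give write access on a TD project directory to anyone outside an allow list, and lists any DLLs sitting beside the project files. The directory path and the `EXAMPLE\TD-Engineers` group are placeholder assumptions to replace with site values.

```powershell
# Added example (not Siemens code). Paths and group names below are placeholders.
param(
    [string[]]$ProjectDirs = @('D:\TD-Projects'),
    [string[]]$Authorized  = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                               'EXAMPLE\TD-Engineers')
)

# Rights that allow creating files in the directory, or granting oneself that right.
$fsr  = [System.Security.AccessControl.FileSystemRights]
$mask = [int]($fsr::CreateFiles -bor $fsr::AppendData -bor
              $fsr::ChangePermissions -bor $fsr::TakeOwnership)
# Generic rights can appear unmapped in ACEs: GENERIC_WRITE and GENERIC_ALL.
$mask = $mask -bor 0x40000000 -bor 0x10000000

foreach ($dir in $ProjectDirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Not a directory: $dir"
        continue
    }

    # 1. Allow-ACEs that give write access to identities outside the allow list.
    (Get-Acl -LiteralPath $dir).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ([int]$_.FileSystemRights -band $mask) -ne 0 -and
            $Authorized -notcontains $_.IdentityReference.Value
        } |
        ForEach-Object {
            [pscustomobject]@{
                Directory = $dir
                Finding   = 'UnexpectedWriteAccess'
                Detail    = '{0} : {1}' -f $_.IdentityReference.Value, $_.FileSystemRights
            }
        }

    # 2. DLLs sitting beside project files; review each one and its signature.
    Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -Force |
        ForEach-Object {
            [pscustomobject]@{
                Directory = $dir
                Finding   = 'DllInProjectDirectory'
                Detail    = '{0} (signature: {1}, modified: {2:s})' -f $_.Name,
                            (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status,
                            $_.LastWriteTime
            }
        }
}
```

The check covers only the directories passed in and does not recurse, so run it against every location where TD projects are stored or exchanged.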

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. In order to operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens’ operational guidelines for Industrial Security and following the recommendations in the product manuals.